mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 09:56:55 +00:00
Code Activity
4312 commits 18 branches 550 tags 293 MiB
Commit graph

2485 commits

Author SHA1 Message Date
Frank Jogeleit
43fc77c71f
Add rule to PolicyViolation event messages (#3787) 
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2022-05-03 18:35:42 +00:00
Charles-Edouard Brétéché
2b6549fd5b
chore: remove config flags (#3786) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 17:52:10 +00:00
Charles-Edouard Brétéché
32789d1c0d
fix: add missing tombstone calls (#3784) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-03 16:58:20 +00:00
Charles-Edouard Brétéché
400e486b46
refactor: create a package for controllers and move certmanager in it (#3782) 
* refactor: use typed informers and add tombstone support to webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove unstructured usage from webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cert manager controller

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-04 00:23:34 +08:00
Charles-Edouard Brétéché
207459cc40
refactor: policycache package logger (#3783) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 20:24:11 +08:00
Charles-Edouard Brétéché
f70ef051dc
refactor: move ImageExtractorConfigs in api package (#3781) 2022-05-03 08:45:08 +00:00
Charles-Edouard Brétéché
52d1b642d6
refactor: dclient package logger (#3778) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 08:24:30 +00:00
Charles-Edouard Brétéché
873e394e5f
fix: cert manager duplicate event handler (#3772) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-03 07:37:18 +00:00
Danny Kulchinsky
810369d876
webhookconfig: if services resource, add services/status as well (#3740) 
Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-03 05:54:08 +00:00
Charles-Edouard Brétéché
c79223393b
refactor: dclient package (#3775) 
* refactor: replace clientset by inteface

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: dclient package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 13:30:04 +08:00
Charles-Edouard Brétéché
6e07acdd87
refactor: replace clientset by inteface (#3774) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-02 20:30:07 +00:00
Charles-Edouard Brétéché
a592dad2aa
refactor: cosign package logger (#3773) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-02 21:03:44 +01:00
Charles-Edouard Brétéché
18af55ed49
refactor: wait for cache sync (#3765) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 01:41:39 +08:00
Sambhav Kothari
0a5f004047
Allow non-object type elements for foreach rules (#3763) 
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-02 16:39:37 +00:00
Sambhav Kothari
e1ee6e8cbd
Reduce log verbosity for image extractors (#3764) 2022-05-02 15:04:19 +00:00
Charles-Edouard Brétéché
45e3bf452a
chore: remove unused resourcecache package (#3762) 2022-05-02 15:15:44 +01:00
Charles-Edouard Brétéché
972be16ad3
refactor: remove unstructured usage from webhookconfig (#3737) 
* refactor: use typed informers and add tombstone support to webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove unstructured usage from webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-02 18:58:04 +08:00
Charles-Edouard Brétéché
87880ad6f1
refactor: use typed informers and add tombstone support to webhookconfig (#3736) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-02 08:19:39 +00:00
Jim Bugwadia
3cb620499e
Remove YAML multiline support in CM values (#3721) 
* remove YAML multiline support in CM values

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove unused code

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-02 08:57:35 +01:00
Jim Bugwadia
4f8eab76ce
cleanup event messages and sources (#3741) 
* cleanup events

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix sonatype issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-02 05:14:32 +00:00
Jim Bugwadia
0771ffd474
Add error handling and log for image extractor errors (#3724) 
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-01 23:44:51 +00:00
Jim Bugwadia
ef71102b22
Fix verify all images (#3748) 
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-01 23:02:49 +00:00
Charles-Edouard Brétéché
96b33f6200
refactor: metrics package logger (#3734) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-29 19:33:08 +02:00
Prateek Pandey
97f845124f
fix: block policy for missing matched kind (#3733) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-04-29 21:53:18 +08:00
Charles-Edouard Brétéché
82c9c2d08b
fix: missing image verification rules in autogen (#3729) 
* fix: missing image verification rules in autogen

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: missing image verification rules in autogen

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-29 13:48:22 +02:00
shuting
a4815f77c4
Convert GenerateRequest to UpdateRequest for backward compatibility (#3730) 
- Remove GenerateRequest Informer
 - Rename GenerateRequest to UpdateRequest in logs and vars
 - Fix initContainer leader election
 - Convert GenerateRequest to UpdateRequest in initContainer
 - Remove unused methods
 - Add printer column ruleType to UR


Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-04-29 16:35:49 +05:30
Charles-Edouard Brétéché
de84b8071d
refactor: autogen package logger (#3727) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-29 09:12:21 +00:00
Charles-Edouard Brétéché
61a1d40e5e
fix: correct tombstone usage (#3718) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-29 09:50:17 +02:00
Charles-Edouard Brétéché
24ed931f42
refactor: remove some api unnecessary pointers (4) (#3713) 
* refactor: remove some api unnecessary pointers

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove some api unnecessary pointers (2)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove some api unnecessary pointers (3)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove some api unnecessary pointers (4)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-04-29 09:12:01 +02:00
shuting
a45986c04d
Set policy kind to generate events in the webhook (#3726) 
* remove mutateExisting field

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update policy controller to create UR for generate

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove debug log

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - Update api docs
- Ignore e2e tests cleanup failure

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Add back index to helm template

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Set policy kind to generate events in the webhook

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-04-29 05:50:55 +00:00
shuting
e248308cb3
Create UR for both mutate and generate policies (#3717) 
* remove mutateExisting field

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update policy controller to create UR for generate

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove debug log

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - Update api docs
- Ignore e2e tests cleanup failure

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Add back index to helm template

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-04-29 11:01:02 +05:30
Charles-Edouard Brétéché
7fca026678
fix: remove supported from autogen status (#3714) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-28 16:14:48 -07:00
Charles-Edouard Brétéché
b7f42a0d1f
refactor: remove some api unnecessary pointers (3) (#3707) 
* refactor: remove some api unnecessary pointers

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove some api unnecessary pointers (2)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove some api unnecessary pointers (3)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-28 12:30:23 +00:00
shuting
d3eec03a79
Optimize UR listing on policy events (#3712) 
* Optimize UR listing on policy events

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix new UR creation for multiple policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-04-28 10:29:48 +00:00
shuting
eb0b8d352c
- Create events for imageVerify rules (#3710) 
- Skip generating events on blocked resource

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-04-28 17:51:06 +08:00
Charles-Edouard Brétéché
68c35b2f2e
refactor: remove some api unnecessary pointers (2) (#3705) 
* refactor: remove some api unnecessary pointers

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove some api unnecessary pointers (2)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-28 17:11:14 +08:00
Charles-Edouard Brétéché
75e300799a
fix: remove unused type TargetMutation (#3706) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-04-28 06:05:13 +00:00
Charles-Edouard Brétéché
cf86887d55
refactor: remove some api unnecessary pointers (#3704) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-28 12:41:10 +08:00
Jim Bugwadia
ab5171cee5
Verify digest (#3679) 
* add verifyDigest to check all tags are converted to digests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add required to check for image verification annotation

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* generate CRD

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* adding imageverify true/false patch

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* patch addition logic

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* image verify CLI tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fixes and unit tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix digest mutate

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make codegen

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix policy cache

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: anushkamittal20 <anumittal4641@gmail.com>
 2022-04-27 15:09:52 +00:00
Charles-Edouard Brétéché
8b36441cd1
refactor: auth package logger (#3696) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-27 13:34:08 +00:00
Charles-Edouard Brétéché
f32ea23c9d
chore: remove unused custom expansions from client (#3697) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-27 21:14:49 +08:00
Charles-Edouard Brétéché
f34a542587
refactor: client gen code (#3695) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-27 12:30:43 +00:00
Charles-Edouard Brétéché
a6924a11ab
refactor: use typed k8s client in tls package (#3678) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-26 20:18:14 +00:00
Charles-Edouard Brétéché
c97af0094f
refactor: config package logger (#3683) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-26 21:55:24 +02:00
shuting
d5f6167e56
Fix flaky e2e tests for generate policies (#3681) 
* fix flaky generate e2e tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* enable validate, verifyimage e2e tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* set policy names different within a single test

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* do not delete cloned resource when sync generate policy is deleted

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* replace grLister by urLister

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* re-queue pending URs only to fix clone policy deletion

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove duplicate import

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-26 19:18:24 +00:00
Sambhav Kothari
25badfe4fb
Fix regression in wildcard matches in In/AnyIn operators (#3686) 
Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-04-26 18:03:05 +00:00
Mritunjay Kumar Sharma
ebd44131c9
Logic of match service account is fixed for namespace (#3662) 
* attempt to implement new logic for roleRef

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes match subject map logic

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* changes namespace for clusterRolebinding

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* adds tests

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes in tests

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes in tests

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
 2022-04-26 14:33:58 +00:00
Vyankatesh Kudtarkar
79be6379b2
fix test cli CI failures from main (#3682) 2022-04-26 20:00:46 +08:00
Vyankatesh Kudtarkar
ae75b97cb7
Fix issue pod should not be ready until the policy cache loaded (#3646) 
* fix issue pod should not be ready until the policy cache  loaded.

* remove unused code

* remove testcase

* add test case

* fix issue

* add lister

* fix lift issue

* address comment
 2022-04-26 06:26:46 +00:00
shuting
123a4f5128
bug: fix nil pointer when generating events (#3677) 
* fix nil pointer when generating events

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* rename error message of form ErrFoo

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-04-26 05:40:05 +00:00